Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2000 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/22/2000 06:38:48 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\WINDOWS\system32\Ati2evxx.exe (PID: 280) [WD-HEUR]
 * C:\WINDOWS\system32\Ati2evxx.exe (PID: 1216) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * System Restore Disabled

   [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   "DisableSR" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\assembly\GAC_MSIL\CCC\2.0.0.0__90ba9c70f846762e => C:\WINDOWS\WinSxS\MSIL_CCC_90ba9c70f846762e_2.0.0.0_x-ww_c7ed2bb0 [Dir]
     * C:\WINDOWS\assembly\GAC_MSIL\CLI\2.0.0.0__90ba9c70f846762e => C:\WINDOWS\WinSxS\MSIL_CLI_90ba9c70f846762e_2.0.0.0_x-ww_42656733 [Dir]
     * C:\WINDOWS\assembly\GAC_MSIL\LOG\2.0.3693.42530__90ba9c70f846762e => C:\WINDOWS\WinSxS\MSIL_LOG_90ba9c70f846762e_2.0.3693.42530_x-ww_47e32df4 [Dir]
     * C:\WINDOWS\assembly\GAC_MSIL\MOM\2.0.0.0__90ba9c70f846762e => C:\WINDOWS\WinSxS\MSIL_MOM_90ba9c70f846762e_2.0.0.0_x-ww_a60193a8 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

Checking Windows Service Integrity:

 * System Restore Service (srservice) is not Running.
   Startup Type set to: Automatic

 * System Restore Filter Driver (sr) is not Running.
   Startup Type set to: Disabled

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 localhost
  88.80.4.19 senuke.com
  88.80.4.19 www.senuke.com
  88.80.4.19 updates.senuke.com

Program finished at: 10/22/2000 06:39:56 PM
Execution time: 0 hours(s), 1 minute(s), and 8 seconds(s)